Download Document

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
Document related concepts
no text concepts found
Transcript 
Programming Smart Cards
Rajnish Kumar
Comp527.
Expect to learn

Cardlet

Development

Installation

Coke Machine Interface Implementation

Basic Cryptography
Smart Cards


A Card with built-in micro-processor and
memory.
Applications :

Pre-paid calling card

Security needs

e-cash
Terminology

Program



Cardlet



Applet
Application
Instance of Program
Unique AID
APDU

Communication format between card and terminal
Java Card Architecture
Cardlets
Loader Application
Javacard API
SOLO virtual Machine
APDU Mgmt
FileSystem
Crypto
Chip Dependent Functions
Utilities
Developing a Cardlet
1.
Develop a
.java file
Compile to
.class
-Use the packages provided
-Javacard.framework
-Javacardx.cryptography
-Use “-g” to compile
- javac –g wallet.java
Developing a Cardlet
1.
Compile to
.class
Develop a
.java file
2.
Create a
.bin file
Use MakeSOLO tool to
generate .bin file from
.class
Developing a Cardlet
1.
Use CardletManager
tool to download .bin
file to the card.
Compile to
.class
Develop a
.java file
2.
3.
Create a
.bin file
Download as a
program file
Developing a Cardlet
1.
•Instantiate the program
Compile to
.class
Develop a
.java file
2.
•Assign AID
3.
Create a
.bin file
4.
Download as a
program file
Install as a
Cardlet
Methods required for Cardlet



install() : instantiate cardlet object
select() : prepare the cardlet for
execution
process() : switch statement
Optional :

main() : entry point for cardlet
Javacard.framework






AID
APDU
ISO
OwnerPin
Applet
Util
- Application ID
- Handling communication buffer
- constants
- array functions
Beware !!

Card resource limitations




Total cardlet size : 13.5 kb
Limited heap and stack size
Operation time out
Desynchronization

Writing Terminal Application
Java Card’s native commands



Hosted by Loader utility
Loader acts as native OS
Loader’s function :



Conduct transaction between terminal and
cardlet
Provide cryptography support
Manage card’s files, program files and
cardlets.
Example Commands







CreateFile
DeleteFile
SelectFile
ReadBinary
UpadteBinary
VerifyCHV
VerifyKey
Terminal Application


Use slb.iop.* classes to write terminal
application in Java
Example method :

SmartCard.sendCardAPDU( CLA,
INS,
P1,P2,
dataArray,
Mode )
Command format (APDU)
From Terminal
CLA
From Card,
To Terminal

INS
P1
P2
P3
Data
SW1
CLA : Command Class ( 1byte )


00h for loader class ( Card specific ).
03h for Wallet ( User defined )
SW2
Command format
From Terminal
CLA
INS
P1
P2
P3
Data
From Card,
To Terminal

SW1
INS : Command Instruction Identifier (1b)


CLA + INS uniquely identifies the command
If native, loader process


Else, forwarded to suitable cardlet
03h for getBalance().
SW2
Command format
From Terminal
From Card,
To Terminal



CLA
INS
P1
P2
P3
Data
SW1
SW2
P1,P2 : Command parameters
P3
: number of bytes of data to follow, or
expected by the terminal
SW1,SW2 : status words.

Cryptography Support
Cryptography Support




Symmetric/Asymmetric Authentication
Internal/External Authentication
Key Files
Supported Encryption Algorithms:



DES
3-DES
RSA
Key Files
Key File
File ID
Details
CHV1
CHV2
0000
0100
Card holder verification PIN,
unblocking PIN, attempts
Ext Key file
0011
Contains DES/3DES keys for external
authentication, transport key
Int Key file
0001
DES/3DES keys for internal
authentication, MAC
RSA-PRI
RSA-PUB
0012
1012
Private key
Public key
External Authentication
1.
2.
3.
Terminal calls AskRandom. Card has to
return a challenge (random number ).
Terminal encrypts the challenge. Sends the
encrypted challenge back to card using
ExternalAuth . Key ID is also specified.
Card checks the correctness of terminal
response, and authenticates if correct.
Internal Authentication
1.
Call an
CLA INS
00/F0
2.
3.
88
InternalAuth command
P1
P2
algo_ID key_nb
P3
Mode
length
S/R
Call getResponse to get the cryptogram
Check if cryptogram is correct.
Javacardx.crypto

Classes





DES_Key
DES3_Key
RSA_PrivateKey
RSA_PublicKey
MessageDigest
En/Decryption

DES_Key class methods





encryptECB, encryptCBC
decryptECB, decryptCBC
generateMAC, verifyMAC
setKey
getBlockSize

Code Walk Through
Reference

SDK Guide
Cyberflex Access Programmer’s Guide

Search google for Java cryptography

www.cyberflex.com/Support/support.html

Related documents
PHS102 Lecture 18 Sep 2014 DLI Block 2 2nd Floor
PHS102 Lecture 18 Sep 2014 DLI Block 2 2nd Floor
Hophornbeam Copperleaf
Hophornbeam Copperleaf
Activity 3: Electric potential and potential energy
Activity 3: Electric potential and potential energy
Lecture 11 ppt version
Lecture 11 ppt version
FLOWER/FRUIT: Orange-red with yellow inside, narrow funnel up to
FLOWER/FRUIT: Orange-red with yellow inside, narrow funnel up to
Java Basics
Java Basics
Java SE Security
Java SE Security
Potential distribution terminals with 16 terminal connections
Potential distribution terminals with 16 terminal connections
Internal Resistance File
Internal Resistance File
Thus, based on the data communications network that is sending
Thus, based on the data communications network that is sending
There are two ways to figure out whether power is positive
There are two ways to figure out whether power is positive